Hi, I'm not sure if this is the place for this question but can someone on the team for Mint talk about what versions have been patched for KRACK? I know this exploit is new but it seems Debian has already patched some of their versions of wpa_supplicant.

If you haven't yet applied all available security upgrades in Update Manager, do so now.

The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.

For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.
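
An added example, not part of the original posts: a shell script that checks the installed wpasupplicant and hostapd versions against the fixed versions listed above. It assumes a dpkg-based system (as Mint and LMDE are); the release labels `mint18`, `mint17` and `lmde2` and the function names are made up for this script.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the installed
# wpasupplicant/hostapd packages are at or above the fixed versions quoted above.
# The release labels mint18, mint17 and lmde2 are names made up for this script.

# Minimum fixed version for a release, as listed in the post above.
min_fixed_version() {
    case "$1" in
        mint18) echo "2.4-0ubuntu6.2" ;;
        mint17) echo "2.1-0ubuntu1.5" ;;
        lmde2)  echo "2.3-1+deb8u5" ;;
        *)      return 1 ;;
    esac
}

# is_patched RELEASE VERSION: status 0 if VERSION >= fixed version,
# 1 if older, 2 if RELEASE is unknown. dpkg does the comparison so Debian
# ordering rules apply (1.10 sorts after 1.5, unlike a plain string compare).
is_patched() {
    min=$(min_fixed_version "$1") || return 2
    if dpkg --compare-versions "$2" ge "$min"; then return 0; else return 1; fi
}

# check_package RELEASE PACKAGE: print one status line for a package.
check_package() {
    ver=$(dpkg-query -W -f='${Version}' "$2" 2>/dev/null) || ver=""
    if [ -z "$ver" ]; then
        echo "$2: not installed"
        return 0
    fi
    if is_patched "$1" "$ver"; then
        echo "$2 $ver: OK (fixed in $(min_fixed_version "$1"))"
    else
        echo "$2 $ver: needs update to $(min_fixed_version "$1") or newer"
        return 1
    fi
}

# Usage: sh check-krack.sh mint18|mint17|lmde2
if [ -n "${1:-}" ]; then
    min_fixed_version "$1" >/dev/null || { echo "unknown release: $1" >&2; exit 2; }
    rc=0
    for pkg in wpasupplicant hostapd; do
        check_package "$1" "$pkg" || rc=1
    done
    exit "$rc"
fi
```

The script exits with status 1 if either installed package is older than the fixed version, so it can be used in a cron job or a fleet check.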

So I came across some articles about how M$ already patched Windows against some WiFi exploit dubbed 'Krack' that nobody else seems to have done yet. Any ideas on how such a thing would be patched in the Linux world? Would it be distro specific? Kernel update? Obviously any articles about security usually get blown up more than they should, and every threat is the next big problem. It's just nice to know if things like this are being addressed.

xenopeek wrote:>> This issue is already fixed for all Linux Mint versions. <<

If you haven't yet applied all available security upgrades in Update Manager, do so now.

The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.

For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

No sign of any such updates for Mint 17.3 Cinnamon.
Most likely those affected packages were not installed by default ...
... anybody else on 17.3?

xdicey wrote:......
Do routers from ISPs need patching as well?

It looks like this vulnerability would only be of any practical use to wardrivers, and to me this appears more like a proof-of-concept than a genuine threat.
The probability that someone is in a vehicle, within wireless range, and actively trying to hack my wifi is tiny.

" And so it goes " - Kurt Vonnegut The modern reality and the satirical parody are rapidly converging .

You should have received a wpa labelled update for wpasupplicant on Mint 17.x as well, irrespective of the desktop environment.
xenopeek gave these update version details for Mint 17.x :

For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.

It has arrived on my 2 Mint 17.x systems.
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)

Best regards,
Karl

Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

karlchen wrote: ......
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)
.....